Malicious PDF — malware analysis report

Static analysis result for SHA-256 72d79d4f0caee787…

MALICIOUS

PDF

File size: 45.9 KB
Created: 2018-11-15 19:35:40 +03:00
Authoring application: - (via htmldoc 1.8.23 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)
MD5: 0c12dc806170a8b074abf35c56df09f6
SHA-1: da8bb48be24ca6c2e64cb331410c4ad69c2d56cf
SHA-256: 72d79d4f0caee78790f67905dcbb382388208684647e2746bcc35d480ad29823
Risk Score: 160

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. This suggests the document's primary purpose is to direct users to a network of other PDF files, likely for SEO manipulation or to host malicious content. ClamAV also detected this file as Pdf.Dropper.Agent-7125890-0, indicating a known malicious pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8173

Heuristics 4

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Dropper.Agent-7125890-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7125890-0
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.